CVE-2025-14177
December 27, 2025
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
Affected Packages
https://github.com/php/php-src.git (GITHUB):
Affected version(s) >=php-8.1.0alpha1 <php-8.1.34Fix Suggestion:
Update to version php-8.1.34https://github.com/php/php-src.git (GITHUB):
Affected version(s) >=php-8.5.0alpha1 <php-8.5.1Fix Suggestion:
Update to version php-8.5.1https://github.com/php/php-src.git (GITHUB):
Affected version(s) >=php-8.3.0alpha1 <php-8.3.29Fix Suggestion:
Update to version php-8.3.29https://github.com/php/php-src.git (GITHUB):
Affected version(s) >=php-8.4.0alpha1 <php-8.4.16Fix Suggestion:
Update to version php-8.4.16https://github.com/php/php-src.git (GITHUB):
Affected version(s) >=php-8.2.0alpha1 <php-8.2.30Fix Suggestion:
Update to version php-8.2.30Related ResourcesĀ (1)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
PRESENT
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Out-of-bounds Read
EPSS
Base Score:
0.06
